I wan't to go a level further than that. I already are using slaves, that
can only write to the home directory of the user the slave is running
under. But two jobs can (potentially) write anywhere to the users home
directory, and not only in their workspace. This can cause problems when
two job
use a slave (even if on the same server as the master) and connect with a user
which has only permissions for the directories you want him to.
/Domi
On 29.11.2012, at 10:37, Bjarke Freund-Hansen wrote:
> Hi
>
> Is there some way to sandbox builds to their workspace, such that a build
> cannot
Hi
Is there some way to sandbox builds to their workspace, such that a build
cannot modify or access any files outside of it's workspace?
Perhaps using chroot or apparmor?
Best Regards
/Bjarke Freund-Hansen